[PHP][DEV] ShadowCMS

Status
Not open for further replies.

Dayron1234(2)

New Member
Jun 11, 2011
33
0
SHADOWCMS
Shadow Developments​


Hello everyone you may know me by Dayron1234 which is my regular account and I'm here to bring you a development of a CMS I'm creating partly from scratch. I'm still learning PHP and as I go I create the pages and start coding.ShadowCMS is a new CMS I will be working on until I finish.There will be updates included in this thread so no need to worry. My estimated time that it will be released is at least from 2 - 3 weeks.

FAQ:

Question:
Is this CMS gonna be free?

Answer: All my projects I work on is free and have no license of any kind.

Question: When will this CMS be released?

Answer: About 2 - 3 weeks, but it mostly depends if I work everyday but I might goof of sometimes :cool:.

Question: Is there gonna be a live demo of this CMS?

Answer: There will be a live demo of the CMS.

If I missed any and you want me to put it up please post.

Goals
Red - Not started
Green - Finished
Yellow - Started

  • Login
  • Register
  • Me
  • News
  • Comments
  • Control Panel

We will keep you updated when we started on a new page, ect...
 

Dayron1234(2)

New Member
Jun 11, 2011
33
0
Sorry this won't be compatible with any emulator because I just want to test my PHP skills with just a basic, lame CMS lol. Maybe the next version will be compatible with an emulator.
 

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,638
2,393
The fact that this has no screenshots makes me a bit sceptical.
 

Dayron1234(2)

New Member
Jun 11, 2011
33
0
I can show you some coding snippets? Here is my register.php:

PHP:
<?php
/*##############################################
  #            Shadowcms             #
  #                 © 2011                     #
  #                Devbest                     #
  #                                            #
  ##############################################
*/
  
//Database Info
$dbhost = "localhost"; // Default is localhost
$dbname = "shadowcms"; //Database
$dbuser = "root"; // Default is root
$dbpass = "PASSWORD"; //phpmyadmin password

//Connecting to database yay!
mysql_connect($dbhost, $dbuser, $dbpass) or die ("Could not conenct: ".mysql_error());
mysql_select_db($dbname) or die (mysql_error());

//Getting started with the real script
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']); //Passwords are now secured with MD5

$checkuser = mysql_query("SELECT username FROM users WHERE username = '$username'");
$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0) {
  echo "Sorry but this username is already registered according to our database records.";
  unset($username);
  exit();
}

// No errors right? Lets insert it into our database
$query ="INSERT INTO users(name, email, username, password) VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die (mysql_error());
mysql_close();

echo "You have successfully registered";
?>

I would love to hear any tips from M0nsta since you are a PHP coder :)
 

Dayron1234(2)

New Member
Jun 11, 2011
33
0
I was thinking of that smartyguy but I was to lazy lol. I will do it in a sec thanks for reminding me to dam. Much easier for other people so they don't have to edit it.

Ehhh I'm 99% done with my login page but something came up?

I get this error
Code:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php on line 27

Here is my login script:
PHP:
<?php
/*##############################################
  #            Shadowcms              #
  #                 © 2011                     #
  #                Devbest                     #
  #                                            #
  ##############################################
*/

//Database Info
$dbhost = "localhost"; // Default is localhost
$dbname = "shadowcms"; //Database
$dbuser = "root"; // Default is root
$dbpass = "password"; //phpmyadmin password

// Connecting to database yay!
mysql_connect($dbhost, $dbuser, $dbpass) or die ("Could not connect: ". mysql_error());
mysql_select_db($dbname) or die (mysql_error());

session_start();
$username = $_POST['username'];
$password = md5($_POST['password']);

$query = "SELECT * FROM users WHERE username = ’$username’ and password=’$password’";
$result = mysql_query($query);

if(mysql_num_rows($result)!= 1) {
  $error = "Failed login";
  include "login.htm";
}
else
{
  $_SESSION['username'] = "$username";
  include "me.php";
}
?>
 

Benden

maging ang maganda mamatay
Jun 4, 2010
2,286
1,482
I'm no genius but try replacing mysql_num_row with mysql_fetch_assoc
I got no idea if it will work but it just sounds right
 

Dayron1234(2)

New Member
Jun 11, 2011
33
0
I'm using that to get the user details and checking if they are right and if not they will just be incorrect but I will try that.
 

Rilax

Member
Jun 20, 2011
38
0
Looks nice, hope to see the final product. Also could you include what makes it stand out? 8)
 

Dayron1234(2)

New Member
Jun 11, 2011
33
0
Nothing actually makes it stand out... Anyways new updates !!!

UPDATE: I have now got rid of the warning on the log in page I just want to do something in the database and think of new ideas.
 

Dayron1234(2)

New Member
Jun 11, 2011
33
0
To much work for me.. I'm just doing basic stuffs to this CMS. Maybe if I get better at PHP I can do that... Other then that thanks for your feedback.
 

Dayron1234

Rapnameiszero,cuzIhavezero,toleranceforidiots
Jun 30, 2010
772
35
UPDATE: I have re-done everything, Login is 100% working, Register is 100% (I needa put a theme on it ect...), Me page is not so great but it will do for now, logout is 100% aswell, and news system will come later on.

Sorry for the delay ;)
 

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,638
2,393
This is very insecure from what I've seen in the snippets of code you have provided above.

Make sure you use strip_tags() around $_POST and $_GET variables to prevent XSS injections and hacking. When working with MySQL around $_POST and $_GET, use mysql_real_escape_string() to prevent SQL injections.

I'm not trying to be a jerk, I'm just trying to help you keep your projects secure and stable.

Anyway, good luck with it.
 

RastaLulz

fight teh power
Staff member
May 3, 2010
3,934
3,933
It's nice to see that you are learning PHP, Dayron. The script itself is very basic, but we all have to start somewhere. I look forward to seeing you progress.

Also, I agree with what Mark said. You should always take into consideration exploits (sql injection, xss, etc) when coding. I personally like to bind the paramaters for SQL, and use the htmlentities() function to counter act XSS.
 

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,638
2,393
It's nice to see that you are learning PHP, Dayron. The script itself is very basic, but we all have to start somewhere. I look forward to seeing you progress.

Also, I agree with what Mark said. You should always take into consideration exploits (sql injection, xss, etc) when coding. I personally like to bind the paramaters for SQL, and use the htmlentities() function to counter act XSS.
Binding parameters for SQL? How do you mean? I've never tried that before.
 

RastaLulz

fight teh power
Staff member
May 3, 2010
3,934
3,933
Binding parameters for SQL? How do you mean? I've never tried that before.
It's done with mysqli, instead of the normal mysql functions.

Example:
PHP:
<?php

$db = new mysqli('host', 'user', 'pass', 'db');

$db->prepare('UPDATE dogs SET bone = ? WHERE meal = ?');

$db->bind_param('is', 1, 'dessert');

$db->execute();
 
Status
Not open for further replies.

Users who are viewing this thread

Top